download.lst | 4 -
external/nss/UnpackedTarball_nss.mk | 4 +
external/nss/macos-dlopen.patch.0 | 25 +++++++++++
external/nss/nss-android.patch.1 | 22 +++++-----
external/nss/nss-bz1646594.patch.1 | 16 +++++++
external/nss/nss.bzmozilla1238154.patch | 12 +++++
external/nss/nss.nspr-parallel-win-debug_build.patch | 40 -------------------
7 files changed, 69 insertions(+), 54 deletions(-)
New commits:
commit 38dbbea5993e66eccb2171416c2497393a7eaf6c
Author: Michael Stahl <michael.st...@cib.de>
AuthorDate: Fri Aug 7 18:57:00 2020 +0200
Commit: Andras Timar <andras.ti...@collabora.com>
CommitDate: Wed Aug 19 07:29:11 2020 +0200
nss: upgrade to release 3.55.0
Fixes CVE-2020-6829, CVE-2020-12400 CVE-2020-12401 CVE-2020-12403.
(also CVE-2020-12402 CVE-2020-12399 in older releases since 3.47)
* external/nss/nss.nspr-parallel-win-debug_build.patch:
remove, merged upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100345
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@cib.de>
(cherry picked from commit 495a5944a3d442cfe748a3bb0dcef76f6a961d30)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100420
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 227d30a3a17f2fffb1a166cdc3e2a796bb335214)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100590
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 94cecbfdf3cf01fe3d5658c7edf78696da2a249f)
Change-Id: I8b48e25ce68a2327cde1420abdaea8f9e51a7888
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100864
Tested-by: Michael Stahl <michael.st...@cib.de>
Reviewed-by: Michael Stahl <michael.st...@cib.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100903
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
Reviewed-by: Andras Timar <andras.ti...@collabora.com>
diff --git a/download.lst b/download.lst
index 4668fc931810..0871634bf595 100644
--- a/download.lst
+++ b/download.lst
@@ -203,8 +203,8 @@ export MYTHES_SHA256SUM :=
1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM :=
db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca
export NEON_TARBALL := neon-0.30.2.tar.gz
-export NSS_SHA256SUM :=
861a4510b7c21516f49a4cfa5b871aa796e4e1ef2dfe949091970e56f9d60cdf
-export NSS_TARBALL := nss-3.53-with-nspr-4.25.tar.gz
+export NSS_SHA256SUM :=
ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45
+export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz
export ODFGEN_SHA256SUM :=
2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
export ODFGEN_VERSION_MICRO := 6
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
diff --git a/external/nss/UnpackedTarball_nss.mk
b/external/nss/UnpackedTarball_nss.mk
index 92902b2da6bf..8fa1edd530cc 100644
--- a/external/nss/UnpackedTarball_nss.mk
+++ b/external/nss/UnpackedTarball_nss.mk
@@ -21,7 +21,9 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\
external/nss/clang-cl.patch.0 \
external/nss/nss.vs2015.patch \
external/nss/nss.vs2015.pdb.patch \
- external/nss/nss.nspr-parallel-win-debug_build.patch \
+ external/nss/nss.bzmozilla1238154.patch \
+ external/nss/nss-bz1646594.patch.1 \
+ external/nss/macos-dlopen.patch.0 \
$(if $(filter iOS,$(OS)), \
external/nss/nss-ios.patch) \
$(if $(filter ANDROID,$(OS)), \
diff --git a/external/nss/macos-dlopen.patch.0
b/external/nss/macos-dlopen.patch.0
new file mode 100644
index 000000000000..1889b8df7cd3
--- /dev/null
+++ b/external/nss/macos-dlopen.patch.0
@@ -0,0 +1,25 @@
+--- nspr/pr/src/linking/prlink.c
++++ nspr/pr/src/linking/prlink.c
+@@ -799,7 +799,7 @@
+ * The reason is that DARWIN's dlopen ignores the provided path
+ * and checks for the plain filename in DYLD_LIBRARY_PATH,
+ * which could load an unexpected version of a library. */
+- if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL) {
++ if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name,
"@loader_path/", 13) == 0) {
+ /* no slash, allow to load from any location */
+ okToLoad = PR_TRUE;
+ } else {
+--- nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
++++ nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
+@@ -224,7 +224,11 @@
+ static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
+ {
+ pkix_decodeFunc.smimeLib =
++#if defined DARWIN
++ PR_LoadLibrary("@loader_path/"
SHLIB_PREFIX"smime3."SHLIB_SUFFIX);
++#else
+ PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX);
++#endif
+ if (pkix_decodeFunc.smimeLib == NULL) {
+ return PR_FAILURE;
+ }
diff --git a/external/nss/nss-android.patch.1 b/external/nss/nss-android.patch.1
index c45a8b892391..9b120d63ab8c 100644
--- a/external/nss/nss-android.patch.1
+++ b/external/nss/nss-android.patch.1
@@ -57,6 +57,17 @@ diff -ur nss.org/nss/Makefile nss/nss/Makefile
install_nspr: build_nspr
$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install
+--- nss/nss/lib/ckfw/builtins/manifest.mn 2019-11-26 15:18:22.185985193
+0100
++++ nss/nss/lib/ckfw/builtins/manifest.mn 2020-08-18 18:04:29.151889733
+0300
+@@ -5,7 +5,7 @@
+
+ CORE_DEPTH = ../../..
+
+-DIRS = . testlib
++DIRS =
+
+ testlib: .
+
diff -ur nss/nss/coreconf/arch.mk nss/nss/coreconf/arch.mk
--- nss/nss/coreconf/arch.mk 2019-11-01 10:29:44.933245745 +0100
+++ nss/nss/coreconf/arch.mk 2019-11-01 10:32:04.347181076 +0100
@@ -77,14 +88,3 @@ diff -ur nss/nss/coreconf/arch.mk nss/nss/coreconf/arch.mk
OS_ARCH = Android
ifndef OS_TARGET_RELEASE
OS_TARGET_RELEASE := 8
---- nss-3.47.1/nss/lib/ckfw/builtins/manifest.mn 2019-11-19
20:55:30.000000000 +0100
-+++ nss-3.45/nss/lib/ckfw/builtins/manifest.mn 2019-07-05 18:02:31.000000000
+0200
-@@ -5,8 +5,6 @@
-
- CORE_DEPTH = ../../..
-
--DIRS = testlib
--
- MODULE = nss
- MAPFILE = $(OBJDIR)/nssckbi.def
-
diff --git a/external/nss/nss-bz1646594.patch.1
b/external/nss/nss-bz1646594.patch.1
new file mode 100644
index 000000000000..60a78cecb69c
--- /dev/null
+++ b/external/nss/nss-bz1646594.patch.1
@@ -0,0 +1,16 @@
+regression from https://bugzilla.mozilla.org/show_bug.cgi?id=1646594
+
+--- nss/nss/coreconf/arch.mk.orig2 2020-08-18 14:33:21.295252404 +0200
++++ nss/nss/coreconf/arch.mk 2020-08-18 14:33:46.360320806 +0200
+@@ -116,8 +116,10 @@
+ OS_RELEASE := $(word 1,$(OS_RELEASE)).$(word 2,$(OS_RELEASE))
+ endif
+ KERNEL = Linux
++ifneq ($(OS_TARGET),Android)
+ include $(CORE_DEPTH)/coreconf/Linux.mk
+ endif
++endif
+
+ # Since all uses of OS_ARCH that follow affect only userland, we can
+ # merge other Glibc systems with Linux here.
+
diff --git a/external/nss/nss.bzmozilla1238154.patch
b/external/nss/nss.bzmozilla1238154.patch
new file mode 100644
index 000000000000..468ff810b9ca
--- /dev/null
+++ b/external/nss/nss.bzmozilla1238154.patch
@@ -0,0 +1,12 @@
+diff -ru a/nspr/configure b/nspr/configure
+--- a/a/nspr/configure 2019-01-26 12:23:06.589389910 +0100
++++ b/b/nspr/configure 2019-01-26 12:26:56.566222293 +0100
+@@ -7127,7 +7127,7 @@
+
+ # Determine compiler version
+
+- _MSVC_VER_FILTER='s|.*
\([0-9]\+\.[0-9]\+\.[0-9]\+\(\.[0-9]\+\)\?\).*|\1|p'
++
_MSVC_VER_FILTER='s|.*[^!-~]\([0-9]\+\.[0-9]\+\.[0-9]\+\(\.[0-9]\+\)\?\).*|\1|p'
+
+ CC_VERSION=`${CC} -v 2>&1 | sed -ne "$_MSVC_VER_FILTER"`
+ if test -z "$CC_VERSION"; then
diff --git a/external/nss/nss.nspr-parallel-win-debug_build.patch
b/external/nss/nss.nspr-parallel-win-debug_build.patch
deleted file mode 100644
index 86b55e1ccf7f..000000000000
--- a/external/nss/nss.nspr-parallel-win-debug_build.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Änderung: 4866:23940b78e965
-Nutzer: Jan-Marek Glogowski <glo...@fbihome.de>
-Datum: Fri May 01 22:50:55 2020 +0000
-Dateien: pr/tests/Makefile.in
-Beschreibung:
-Bug 290526 Write separate PDBs for test OBJs r=glandium
-
-Quite often when running a parallel NSS build, I get the following
-compiler error message, resulting in a build failure, despite
-compiling with the -FS flag:
-
-.../nss/nspr/pr/tests/zerolen.c: fatal error C1041:
-Programmdatenbank "...\nss\nspr\out\pr\tests\vc140.pdb" kann nicht
-ge<94>ffnet werden; verwenden Sie /FS, wenn mehrere CL.EXE in
-dieselbe .PDB-Datei schreiben.
-
-The failing source file is always one of the last test object
-files. But the actual problem is not the compiler accessing the
-PDB file, but the linker already linking the first test
-executables accessing the shared PDB; at least that's my guess.
-
-So instead of using a shared PDB for all test object files, this
-uses -Fd$(@:.$(OBJ_SUFFIX)=.pdb) to write a separate PDB for every
-test's object file. The linker works fine with the shared OBJ PDB.
-
-Differential Revision: https://phabricator.services.mozilla.com/D68693
-
-
-diff -r 219d131499d5 -r 23940b78e965 nss/nspr/pr/tests/Makefile.in
---- a/nss/nspr/pr/tests/Makefile.in Mon Feb 10 20:58:42 2020 +0000
-+++ b/nss/nspr/pr/tests/Makefile.in Fri May 01 22:50:55 2020 +0000
-@@ -211,6 +211,7 @@
- else
- EXTRA_LIBS += ws2_32.lib
- LDOPTS = -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO
-+ CFLAGS += -Fd$(@:.$(OBJ_SUFFIX)=.pdb)
- ifdef PROFILE
- LDOPTS += -PROFILE -MAP
- endif # profile
-
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
